CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login,...
CVE-2025-66910
Turms Server (v0.10.0-SNAPSHOT and earlier) stores administrator passwords in plaintext in memory (AdminInfo.rawPassword) to optimize authentication. This allows local attackers with access to memory, dumps, heap analysis, or debuggers to recover raw passwords despite bcrypt usage. Affected compo...